Assigning Roles to Users

The advantage of this procedure is that only a user who has been assigned a specific role can assume it. Assuming the role also requires the role's password, if one has been set. This provides two layers of protection: a user who has not been assigned the role cannot assume it (with the su role-name command) even if that user knows the role's password.

Create a Role and Assign the Role to a User

Create a role.

# roleadd -A solaris.ldoms.read ldm_read

Assign a password to the role.

# passwd ldm_read

Assign the role to a user; for example, user_1.

# useradd -R ldm_read user_1

Assign a password to the user (user_1).

# passwd user_1

Become user_1 to confirm that only that account can assume the ldm_read role.

# su user_1

Type the user's password if prompted.

Verify the user ID and access to the ldm_read role.

$ id
uid=nn(user_1) gid=nn(<group name>)
$ roles
ldm_read

As user_1, assume the role (su ldm_read, supplying the role password) to run the ldm subcommands that require the solaris.ldoms.read authorization, such as ldm list. Subcommands that need other authorizations are still denied to this role.
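The whole procedure above as one script, an added example that is not part of the original page. It assumes the Solaris RBAC commands roleadd, useradd, passwd, roles and auths, and reuses the names ldm_read, user_1 and solaris.ldoms.read from the steps; the --apply flag, the create_role_and_user and verify_assignment functions and the two check helpers are this example's own design. The administrative commands run only with --apply (as root), while the check helpers can be run on captured roles/auths output, so a failed assignment is caught before anyone relies on the role.

```shell
#!/bin/sh
# Added example (not from the original page): create the ldm_read role,
# assign it to user_1 and verify the result. Assumes the Solaris RBAC
# commands roleadd, useradd, passwd, roles and auths.

ROLE=ldm_read
AUTH=solaris.ldoms.read
TARGET_USER=user_1

# Normalize the output of `roles` or `auths` into one item per line.
# Both print a comma-separated list, prefixed with "name : " when the
# account name is echoed; that prefix is stripped here.
split_list() {
    printf '%s\n' "$1" | sed 's/^[^:]*:[[:space:]]*//' | tr ',' '\n'
}

# Return 0 if role $1 appears in the captured `roles` output $2.
role_listed() {
    split_list "$2" | grep -qx "$1"
}

# Return 0 if authorization $1 appears in the captured `auths` output $2.
auth_listed() {
    split_list "$2" | grep -qx "$1"
}

# Steps 1-4 of the procedure (run as root). passwd prompts
# interactively for the role password and then the user password.
create_role_and_user() {
    roleadd -A "$AUTH" "$ROLE"
    passwd "$ROLE"
    useradd -R "$ROLE" "$TARGET_USER"
    passwd "$TARGET_USER"
}

# Steps 5-7: confirm the role is assigned to user_1 and that the role
# carries the read authorization. `roles user_1` reports the same list
# that user_1 would see by running `roles` after `su user_1`.
verify_assignment() {
    roles_out=$(roles "$TARGET_USER")
    auths_out=$(auths "$ROLE")
    if ! role_listed "$ROLE" "$roles_out"; then
        echo "role $ROLE is not assigned to $TARGET_USER: $roles_out" >&2
        return 1
    fi
    if ! auth_listed "$AUTH" "$auths_out"; then
        echo "role $ROLE lacks $AUTH: $auths_out" >&2
        return 1
    fi
    echo "$TARGET_USER may assume $ROLE ($AUTH) with: su $ROLE"
}

if [ "${1:-}" = "--apply" ]; then
    create_role_and_user
    verify_assignment
fi
```

Run it as root with --apply on the control domain; without the flag nothing is changed, and the two helpers can be pointed at saved roles/auths output (for example from an audit of several control domains) to check that ldm_read is present and that it does not carry more than the read authorization.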